DETAILED ACTION

This application contains claims 34-39 and 41-44 drawn to an invention 
nonelected with traverse in the reply filed on 10/22/07. A complete reply to the final 
rejection must include cancellation of nonelected claims or other appropriate action (37 
CFR 1.144) See MPEP § 821.01. The traversal was on the grounds that the separate 
groups do not have separate utility. However, the restriction requirement sent on 
9/26/07 provided separate utilities for the groups. 

Claims 1-28, 31, 33, and 40 were examined. Any well known art statements 
made in the last office action not adequately traversed are taken as admittance of prior 
art as per MPEP 2144.03. 

Response to Amendment and Arguments 

Applicant's amendments filed on 7/19/07 were fully considered. Any rejections or 
objections not repeated below for record are withdrawn due to applicant's amendments. 
Applicant's arguments filed on 7/19/07 were also fully considered, but are not 
persuasive. Applicant's argument is that the amendment of requiring the second key to 
be a secret key teaches away from Peyravian's invention because Peyravian requires 
both keys to be public. This argument is based on the view that PKs is the second key. 
However, the examiner respectfully submits the secret one-time use password (PW) 
known by both the client and server can also be considered a key, thus can be 
considered the second key. PW is generated by the server/responder and sent to the 
client/initiator (paragraph 33). 

Claim Objections 
Claims 6 and 12 are objected to because of the following informalities:

1. In claim 6, it is assumed that the deletion of the word "value" was unintentional.

2. In claim 12, it is assumed that "using" in line 1 should be deleted and "is" should 
be added before "transmitted" in line 3. 

3. Appropriate correction is required. 

Claim Rejections - 35 USC §112 
The following is a quotation of the second paragraph of 35 U.S.C. 112:

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

Claim 13 is rejected under 35 U.S.C. 112, second paragraph, as being indefinite 
for failing to particularly point out and distinctly claim the subject matter which applicant 
regards as the invention. 

1. As per claim 13, it is unclear how the acts of computing and transmitting are any
types of messages, much less pre-authentication and internet key exchange 
protocol messages. Computing and transmitting are acts performed while 
messages are things. Claim 24 is indefinite for similar reasons. 



Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains.
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 1-6, 8-11, 14-18, 20-28, 33, and 40 are rejected under 35 U.S.C. 103(a) 
as being unpatentable over Peyravian et al (US 2004/0158715) in view of Crandall (US 
5,159,632) and Gehrmann (US 7,284,127). 
Claim 1: 

Peyravian discloses: 

1. Computing an authentication code (i.e. HASH(ARGs)) using a first key (i.e. Ds or
PKs) and a second key (i.e. PW) within said responder (Fig 1, steps 140-155).
The server is considered the responder. Note that PW is used to create Ds,
which in turn is used to create ARGs, which is used in a hash function to create
an authentication code.

2. Transmitting said second key and said authentication code from said responder 
to an initiator (paragraph 33 and Fig 1, steps 105 and 160-165). 

3. Transmitting said first key from said responder to said initiator (Fig 1, steps
160-165). Note that the first key (Ds or PKs) is sent from the server to the client as
part of EXTs.

4. Computing a verification code (i.e. HASH(ARGs')) using said first key and said 
second key within said initiator (Fig 1, step 120 and Fig 2, steps 210 and 215). 
Note that Dc, which is used to calculate the verification code is calculated from 
PW, thus the verification code is computed using the first key (Ds or PKs) and the 
second key (PW). 

5. Comparing said verification code with said authentication code (Fig 2, step 220). 
6. Authenticating said responder as a correct communication partner if said
comparing checks out (Fig 2, step 220-225). 

7. Wherein said second key is a secret key (paragraph 22). 

Peyravian does not explicitly disclose the transmitting of the second key and 
authentication code is using a first communication channel, wherein said first 
communication channel is a secure channel. Peyravian also does not explicitly disclose 
the transmitting of the first key is using a second communication channel. 

However, note that Peyravian's invention utilizes a Diffie-Hellman key exchange 
(abstract), which exchanges public keys between an initiator and a responder 
(paragraphs 17-32; Fig 1, steps 150-155; and Fig 2, steps 210-215). Crandall discloses 
that with public key systems, a nonsecure channel is usually used to transmit some of 
the information and a secure channel is used to transmit other information (col 1, lines 
32-51 and col 2, lines 4-7, 26-28, and 43-46). Further, as evidenced by Gehrmann, the 
Diffie-Hellman key exchange protocol is vulnerable to a man-in-the-middle attack (col 1, 
lines 53-65). Gehrmann teaches calculating a message authentication code t from a 
public key X and a secret passcode K (Fig 2a, step 104; col 6, lines 64-67; and col 7, 
lines 6-14) and transferring the authentication code and secret passcode to a second 
communication unit (Fig 2a, steps 205-207 and col 7, lines 30-51). 

Application/Control Number: 10/677,642
Art Unit: 2135

At the time applicant's invention was made, it would have been obvious to one
skilled in the art to transmit some of the information from the responder to the initiator
using a secure channel and other information using a nonsecure channel as taught by
Crandall. It would have been obvious to one skilled in the art to transmit the second key
taught by Peyravian (i.e. PW) and the authentication code using a first/secure channel
as taught while transmitting the first/public key using a nonsecure channel.

One skilled in the art would have been motivated to transmit some of the 
information in the Diffie-Hellman key exchange as taught by Peyravian using a secure 
and nonsecure channel because it is traditional in public key systems to utilize both a
secure and nonsecure channel to exchange information between two parties. One 
skilled would have been motivated to utilize a first secure communication channel to 
transmit the second key, i.e. PW, and the authentication code because it would reduce 
the chances of a man-in-the-middle attack that Diffie-Hellman key exchanges are 
vulnerable to. One skilled would have been motivated to use a second/nonsecure 
channel to transmit the first/public key of Peyravian because one skilled in the art would 
appreciate that there is no need to keep public keys secure and transmitting via a 
nonsecure channel is less costly in computational resources than using a secure 
channel. 
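
The two-channel check discussed for claim 1, as an added example that is not part of the Office action or of the cited references: the responder sends the secret second key and the authentication code over the secure channel and the public first key over the open channel, and the initiator recomputes the code and compares. HMAC-SHA256, the toy Diffie-Hellman group and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group, for illustration only (assumption: far too
# small for real use; a deployment would use a standardized group).
P = 2**127 - 1   # a Mersenne prime
G = 3

def dh_keypair():
    """Return (private exponent, public value) in the toy group."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def encode(pub: int) -> bytes:
    """Fixed-width encoding so both sides MAC identical bytes."""
    return pub.to_bytes(16, "big")

def auth_code(first_key: bytes, second_key: bytes) -> bytes:
    """Code over the public first key, keyed by the secret second key.
    HMAC-SHA256 is an assumption standing in for the hash on the page."""
    return hmac.new(second_key, first_key, hashlib.sha256).digest()

def responder_messages():
    """Responder side: build the secure-channel and open-channel messages."""
    priv, pub = dh_keypair()
    first_key = encode(pub)
    second_key = secrets.token_bytes(16)   # one-time secret (role of PW)
    secure_msg = {"second_key": second_key,
                  "auth_code": auth_code(first_key, second_key)}
    open_msg = {"first_key": first_key}
    return priv, secure_msg, open_msg

def initiator_verify(secure_msg, open_msg) -> bool:
    """Initiator side: recompute the code and compare in constant time."""
    verification = auth_code(open_msg["first_key"], secure_msg["second_key"])
    return hmac.compare_digest(verification, secure_msg["auth_code"])

def demo():
    """Return (result for untouched key, result for substituted key)."""
    _, secure_msg, open_msg = responder_messages()
    honest = initiator_verify(secure_msg, open_msg)
    # Constructed tampering: a different public value replaces the
    # responder's key on the open channel.
    substituted = open_msg["first_key"]
    while substituted == open_msg["first_key"]:
        substituted = encode(dh_keypair()[1])
    tampered = initiator_verify(secure_msg, {"first_key": substituted})
    return honest, tampered

if __name__ == "__main__":
    print(demo())
```

The check holds only while the second key and the code stay confidential until the comparison is done; anyone who learns the second key can compute a matching code for a key of their choosing.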
Claim 2: 

Peyravian further discloses wherein the first key is generated within said 
responder (Fig 1, step 140). 
Claim 3: 

Peyravian further discloses wherein the second key is generated within said 
responder (paragraph 33). 
Claim 4: 
As per the limitation of wherein in the transmitting of said second key and said
authentication code, said second key and said authentication code are transmitted via a 
confidential or authenticated communication channel or both, it is obvious to the 
combination invention of Peyravian, Crandall, and Gehrmann because it was 
established already in claim 1 that it would have been obvious to transmit said second 
key and said authentication code via a secure channel. A secure channel is a 
confidential channel. 
Claim 5: 

As per the limitation of wherein in the transmitting of said first key, said first key is 
transmitted via an open channel, it is obvious to the combination invention of Peyravian, 
Crandall, and Gehrmann because it was established already in claim 1 that it would 
have been obvious to transmit said first key via a nonsecure channel since there is no 
need to secure a public key. A nonsecure channel is an open channel. 
Claim 6: 

As per claim 6, Peyravian further discloses wherein said second key is 
composed of a first part and a second part and wherein said first part is used for 
computing said authentication code and said second part is used for calculating an 
authentication value (paragraph 33 and Fig 1, steps 140-155). 

A person skilled in the art should appreciate that a password, which the examiner 
is considering the second key, is typically composed of several characters. As one can 
divide these characters in several ways, it is composed of a first and second part. Note 
that as recited, the limitation further recited in claim 6 does not prohibit that the second 
part also be used in computing the authentication code and the first part also be used in
calculating the authentication value, and because the whole password (PW) is used to 
compute an authentication code (HASH(ARGs)) and an authentication value ARGs, said 
first part is used for computing said authentication code and said second part is used for 
calculating an authentication value. 
Claim 8: 

Peyravian further discloses wherein said authentication code and said verification 
code are computed using an algorithm to compute a short message authentication
code (Fig 1, step 155 and Fig 2, step 215). A hash is a short message authentication
code. 
Claim 9: 

Peyravian does not explicitly disclose wherein if the comparison of the 
authentication code and the verification code yields a difference, said initiator requests 
said responder to retransmit said first key. However, official notice is taken that asking 
a responder to retransmit a key if authentication fails was well known in the art. At the 
time applicant's invention was made, it would have been obvious to one skilled in the art 
to further modify Peyravian's invention according to the limitations recited in claim 9. 
One skilled would have been motivated to do so because it is common practice in the 
art to let a responder know if authentication failed and to try resubmitting an 
authentication code in case the last transmission was an unintentional mistake. 
Claim 10: 
Peyravian further discloses calculating an authentication value within said
initiator using said second key (Fig 1, step 120 and Fig 2, steps 210 and 215). PW is
used to generate Dc, which is used to generate ARGs', which is considered the
authentication value. 
Claim 11: 

Peyravian further discloses wherein said authentication code is calculated using 
a pseudo random, i.e. hash, function (Fig 1, step 155). 
Claim 14: 

Claim 14 is substantially similar to what is recited in claim 1 and is rejected for 
similar reasons given therein. The difference is that claim 14 recites a raw public key 
for the first key of claim 1. However, note that the first key disclosed by Peyravian is a 
raw public key, i.e. Ds or PKs (Fig 1, steps 104 and 150-155 and paragraph 19).
Claim 14 also recites that the raw public key was transmitted within an encrypted 
certification payload and extracting said raw public key from said encrypted certification 
payload. However, note that Peyravian discloses the raw public key being transmitted 
within an encrypted certificate payload, i.e. EXTs (Fig 1, steps 160-165). EXTs contains 
the encrypted value HASH(ARGs), thus EXTs can be considered an encrypted 
certificate payload. Figure 2, steps 200-210 discloses both Ds and PKs, either of which 
could be considered the raw public key, being used by the client, which means the client 
extracted the raw public key from the encrypted certificate payload. 
Claims 15-18: 
Claims 15-18 recite limitations similar to what is recited in claims 2-3 and 6
respectively and are rejected for similar reasons given therein. 
Claim 20: 

Claim 20 recites limitations similar to what is recited in claim 5 and is rejected for 
similar reasons. The difference is that claim 20 refers to the first key of claim 5 as the 
raw public key. However, as discussed in claim 14, Peyravian discloses the first key 
being the raw public key. 
Claims 21-22: 

Claims 21-22 recite limitations similar to what is recited in claims 8-9 and are 
rejected for similar reasons given therein. 
Claim 23: 

Peyravian further discloses wherein in further steps for communicating the 
second key is used for authenticating the initiator to the responder (paragraph 39). 
Claim 24: 

As per claim 24, computing of an authentication code and the transmission of
said second key and said authentication code are by definition pre-authentication 
messages since these steps are used to authenticate the responder to the initiator. 
Further, the transmitting of said first key and the use of authentication values are used 
to exchange keys, thus are internet key exchange protocol messages. 
Claim 25: 

Claim 25 is directed towards a system comprising a responder and initiator with 
means for implementing the method of claim 1 and is rejected for similar reasons as 
claim 1. The server of Peyravian is considered a responder and the client is considered
the initiator. 
Claim 26: 

Claim 26 is directed towards a system with a generating means for implementing
the method of claims 2 and 3 and is rejected for similar reasons given therein.
Claim 27:

Claim 27 is directed towards a system with a first transmission system for
implementing the method of claim 4 and is rejected for similar reasons given therein.
Claim 28:

Claim 28 is directed towards a system with a second transmission means for
implementing the method of claim 5 and is rejected for similar reasons given therein. 
Claim 33: 

Claim 33 is directed towards a computer readable medium with a computer 
program with instructions stored thereon with instructions operable to cause a processor 
to implement the method of claim 1 and is rejected for the same reasons given in claim 1.
Claim 40: 

Peyravian does not explicitly disclose wherein the communication is also secured 
by said initiator requesting said responder to retransmit said first key if the comparison 
of authentication code and verification code yields a difference. However, official notice 
is taken that the limitation was well known in the art. It would have been obvious to one 
skilled in the art to further modify Peyravian's invention according to the limitations 
recited in claim 40. One skilled would have been motivated to do so because it is 
traditional in the art to notify the initiator of an authentication request to retransmit
whatever is needed to authenticate the initiator if a first attempt to authenticate the 
initiator failed due to an unintentional error. In the case of the combination invention of 
Peyravian, Crandall, and Gehrmann, the first key is used in the authentication protocol, 
thus the initiator would request that the responder retransmit at least the first key. 



Claims 7, 12-13, 19, and 31 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Peyravian et al (US 2004/0158715) in view of Crandall (US 
5,159,632) and Gehrmann (US 7,284,127) and further in view of Eskicioglu (US 
2002/0087865). 
Claim 7: 

Peyravian implicitly discloses wherein said first part is an empty string (paragraph 
22). A password is a series of characters, thus one can consider an empty string as 
being the first part of a password. 

Peyravian does not explicitly disclose wherein said authentication code is 
calculated as an unkeyed hash code. However, Eskicioglu discloses that unkeyed hash
codes, where a hash code is generated without use of a key, were well known in the art at
the time applicant's invention was made (paragraph 12). It would have been obvious to 
one skilled in the art to further modify Peyravian's invention such that the authentication 
code was calculated as an unkeyed hash code. One skilled would have been motivated 
to do so because unkeyed hash codes would be useful for providing proof of data 
integrity, which is one of the most important objectives of information security
(paragraph 4). A further rationale for why it would have been obvious to modify 
Peyravian's invention such that it used an unkeyed hash code instead of a keyed one is 
that doing so is nothing more than simple substitution of one known hashing element for 
another to obtain a predictable result. In this case, the type of hash obtained is 
predictable. 
Claim 12: 

Peyravian does not explicitly disclose said authentication value for
authenticating messages is transmitted from said initiator to said responder, or vice
versa. However, Eskicioglu discloses use of an authentication value for authenticating
messages transmitted from said initiator to said responder, or vice versa (paragraph 6).
At the time applicant's invention was made, it would have been obvious to one of 
ordinary skill in the art to further modify Peyravian's invention according to the 
limitations recited in claim 12. One skilled would have been motivated to do so because 
data authentication is one of the most important objectives of information security 
(Eskicioglu: paragraph 4). 
Claim 13: 

As per claim 13, computing of an authentication code and the transmission of
said second key and said authentication code are by definition pre-authentication 
messages since these steps are used to authenticate the responder to the initiator. 
Further, the transmitting of said first key and the use of authentication values are used 
to exchange keys, thus are internet key exchange protocol messages. 
Claim 19:

Claim 7 recites limitations similar to what is recited in claim 7 and is rejected for
similar reasons given therein. 
Claim 31: 

Claim 31 is directed towards a system comprising operating means for 
implementing the method of claim 13, thus is rejected for similar reasons given therein. 

Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Ponnoreay Pich whose telephone number is
571-272-7962. The examiner can normally be reached on 9:00am-4:30pm Mon-Thurs.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on 571-272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
Examiner